Help center




How change password?

Connect to the server using XMPP client, login in account setting, change the password

How recovery password?

Connect to the server using XMPP client, login in account setting, change the password. You can also contact the support service if you indicated your e-mail. If you do not remember your password and and do not have an XMPP client connected and did not provide your email address, there is no way to recover your password

How do I clear my history from server?

By default messages and files will be deleted after 7 days. If you want to erase messages and files earlier connect to the server using XMPP client, login in account setting. Click to button "Clear sync cache"

How delete account?

Connect to the server using XMPP client, login in account setting, tap to button "delete account". If you forget your password, your account will be deleted automatically after 404 days of inactivity. In some cases, inactive accounts are automatically deleted before 404 days.




Advanced


Spam and flood protection

"Why should a 404 user allow me to send messages to him?"

Most servers have no protection against bulk account creation. Strangers create thousands of accounts on other servers to send spam and flood attacks to users.Some servers manually browse incoming unencrypted user messages. The privacy policy prohibits us from viewing unencrypted messages for users. We think that protection against spam and flooding should not violate the right to privacy and give someone the right to see your messages, therefore protection from strangers is enabled automatically.We think it is up to users to decide whether to accept or reject messages from strangers. You need to first add the user to your contact list and wait until he allows you to write him a message.

Reasons for limiting the character & Spoofing protection

"The is character set limiting protection against SQL injection?"

No, the limitation no purpose of protection against SQL-injection. To protect against SQL-injections, it is better to use "prepared statement". "Prepared statement" allows any characters to be stored in the database.

"What is the purpose of limiting the character set when creating username?

XMPP standard allows the use spoofing latin nickname characters using characters from a different alphabet. Example: example@example.com (only latyn "e/a" symbols) and еxample@еxample.com(in include cyrilic "e/a simbols) differend address looking the same to humans. We have limited the character set to security tested. Example: example@404.city (Only latin symbols and numbers).

"Why is the set of characters in the password limited?"

The limitation in the character set in the password is due to errors in the encoding of XMPP clients. A correctly entered password with an unusual character set may work in one XMPP client and not in another. A non-working password, after changing it, is an painful mistake.

"What format is the password stored in?"

The password is stored in Ejabberd database in the salted hash SCRAM-SHA. XMPP client's also send a salted hash SCRAM-SHA during authorization, if XMPP client supports this method. When you try to change the authorization method SCRAM-SHA to plan-text, from a salted hash in the XMPP client, an error will occur and the connection will be terminated.

MITM attacks protection

"I cannot connect to another server "honeypot.com", but I can connect to it from the server "ponypot.com". why did you restrict the connection to the honeypot.com server?"

Most servers check for the existence of an encrypted connection, but do not check the validity of an encrypted connection for historical reasons, when certificates were worth the money. We do not restrict communication with any servers, but we require strict compliance with security requirements. If the server provided an invalid security certificate, the connection will be rejected. If you cannot connect to any server, the encryption is probably not configured correctly or someone is trying to hack the server-to-server communication.

Security

"I am willing to pay 'example' bitcoin, sell me your information about user 'example'@404.city"

We do not sell userdata, unlike some other XMPP servers

"I want to help free administer the server, can I be of any help? Everyone knows me in the XMPP community for a long time and they say I'm a good guy "

We have strict security regulations that prohibit from accessing critical infrastructure. Regardless of the authorization and importance of the person

"You know me for a long time, at a friendly request give me IP address and messages..."

No Kevin [?], we know about social engineering and we ignore any friendly requests"

"Hey! I wrote a bot or transport, you can run it on the server?"

No, we are not competent to perform security audits and therefore simply prefer not to run untrusted scripts.

E2E encryption

"How E2E encryption works?"

E2E (end-to-end) is option XMPP clients to increase security. The server does not manage E2E encryption, with E2E you can manage your own privacy without server configuration. Encryption occurs direct from device to device no need to trust the server. Once you delete a all delivered message (OMEMO/OTR) on your devices, you cannot and load repeatedly recover it from the history, because the temporary encryption key will be deleted along with the message

"Why do I need E2E and to what extent does it provide my security?"

The E2E encryption is like the key to your home. Only you have the key and therefore an intruder cannot steal your property or spy on you, watch you poop in the toilet. On the Internet, E2E encryption performs a similar function, if a hacker breaks into your account, he will not be able to access your correspondence. E2E encryption protects against leaks due to software vulnerabilities, backdoors, theft of passwords from accounts, any unauthorized access.

"Does e2e encryption fully protect against any mass surveillance?"

Historically, dictatorial and totalitarian regimes have used massive surveillance to block freedom of speech. Hitler, Mussolini, Stalin, Pol Pot [?] used massive surveillance ans censorship to kill people who disagreed with their actions.
E2E encryption well protects against crack hackers or mass surveillance, but does not protect for more labor intensive individual surveillance, when information can be obtained classical ways, for example, by spying on you through a window or physical getting access to you or your device

Terms of Use

"Can government officials, educational institutions use the server?"

There are no restrictions on the rules of use, but the server is probably not suitable for rapid response - firefighters, police, ambulance, rescue service, military communications. If you are transmitting sensitive information, we strongly recommend that you use e2e encryption.

"What level of service do you provide?"

We provide the level of service "as is", we do not give any guarantees of quality work or the possibility of application for any purpose.

"What is prohibited by the rules on the server?"

Illegal activityare - prohibited. Spam, flooding, aggressive advertising - prohibited. The server is made for people automatic messaging water meters, electricity meters, gas meters - prohibited. The use of "bots for humans" is not prohibited, but bulk sending of outgoing messages can lead to automatic account blocking

Privacy

"How long are my files or messages stored on the server?"

Files and messages will be automatically deleted after 7 days

"How well is my personal data protected?"

XMPP server is just "messages router". Privacy laws about Secrecy of Correspondence prohibit the viewing of your private uncrypted messages and the disclosure of information about include your location.

For administrators of other servers

My server cannot connect to 404.city, what should I do?

These recommendations can fix 99% of all connection errors:

"What 'Open list of XMPP servers'?"

XMPP is a federated network and there is competition between servers. We are repeatedly faced with defamation, disinformation, DDoS attacks and the exclusion of 404.city XMPP servers for or fake reasons Some of the most comical reasons/requirements removal from the lists of XMPP servers:

For this reasons, we have created an "Open list of XMPP servers" and made a commitment not to make any decisions on inclusion or exclusion from the list other than actual availability or unavailability.

"How do I report spam?"

You can report cases of unwanted messages by XMPP contact support@404.city. We will process your report, but we recommend that you enable automatic blocking of messages from strangers "mod_block_strangers", and not engage in viewing messages users. This will protect your XMPP server from any unwanted messages and flood from any XMPP server and will increase confidentiality your server if is public server. XMPP unlike email, allows you to specify a technically requirement "mandatory subscription" to receive messages.







The server is authorized for use for any purposes permitted by the laws of the EU. Privacy is protected by the UN Declaration of Human Rights and the law on the secrecy of personal correspondence. Using a 404.city you agree to the terms of use and privacy policy ● Feedback: support@404.city [xmpp] [e-mail] ● 2015- © 404.city